UPDATED 19:22 EST / JANUARY 24 2024


HPE compromised by same Russian group behind SolarWinds and Microsoft hacks

Hewlett Packard Enterprise Co. is the latest company to be targeted by a Russian-linked hacking group, with a small percentage of mailboxes belonging to people who work in the company’s cybersecurity and other departments compromised.

The disclosure was made in a Jan. 19 filing with the U.S. Securities and Exchange Commission. HPE said the attacker was identified as Midnight Blizzard. Also known as Cozy Bear and Nobelium, the hacking group is the same Russian-linked gang that was behind the hack of SolarWinds and, more recently, the compromise of a small number of email accounts belonging to Microsoft Corp.

HPE said in the filing that it was notified on Dec. 12 that a suspected nation-state actor had gained unauthorized access to HPE’s cloud-based email environment. Upon finding the breach, HPE hired external cybersecurity experts and activated its response plan to investigate, remediate and eradicate the activity. 

Further investigation found that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in its cybersecurity, go-to-market, business segments and other departments. HPE added that it believes that the incident was likely related to an incident it became aware of in June 2023 that involved the exfiltration of a limited number of SharePoint files.

HPE has notified law enforcement and is also assessing its regulatory notification obligations. The incident did not have a material impact on the company’s operations. However, it has not been determined if the incident will materially affect the company’s financial conditions or operations. In other words, it’s not 100% sure what was stolen from the breached email accounts.

Although no further information was immediately available, the fact that HPE noted its cybersecurity staff were targeted suggests that Midnight Blizzard/Nobelium was, as in the case with Microsoft, looking for information about itself.

In Microsoft’s case, the threat actor used a password spray attack to compromise a legacy nonproduction test tenant account to gain a foothold and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts. Password-spraying is a type of cyberattack where an attacker attempts to gain unauthorized access to many accounts by employing a few commonly used passwords.

It’s highly likely that similar tactics were used to gain access to HPE corporate email accounts as well.

Image: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy